Compliance and its challenges at the age of AI and IoT

As part of the series of guest posts named Thoughts Leaders’ Corner, here is a very interesting article from Patrick Henz who is Regional Compliance Officer Americas at Primetals Technologies. I hope you will enjoy it!

Artificial Intelligence is on the rise. Computer programs are able to crawl through required databases and the internet. For them it should be possible to search internal databases of the company’s policies and guidelines, connect to external law databases and search the internet for news and actual interpretations of the law. Such results could be combined with other available databases, as for clients, payments and suppliers. With this a powerful software can answer all guideline- and law-related questions. Already today with a human-like voice, so that for the employee it will be hard to distinguish, if he or she speaks with a robot or human being. This software can connect to intranet, but also with the employee’s laptops, tablet and smart-phones. A 24/7-service is guaranteed. A related app can understand the employee’s voice and process audio into information, further it can analyze the emotion in the voice, and understand if the employee is, for example, in a stress situation.

Even if we are still not there, it is the question, if this ever will be possible. The US Securities and Exchange Commission (“SEC”) already decided that a “check-the-box”-Compliance system is not sufficient to protect a company against Corruption. The Compliance core function is not to inform employees about internal and external guidelines and execute regarding controls, but moreover to implement an adequate positive and sustainable corporate culture; Compliance is about humans. Still today the human brain is not completely known, but for sure more complicated than today’s existing computers, including the quite regular habit to act and or decide “illogical”.

So technology will not replace the Compliance department, but brings new tasks for it:

Internet of Things. Even more than today, all machines and products will have a WiFi-connection. This can be limited to a reading of information, but also lead to the possibility of a remote change of the machine’s preferences and functions; with or with-out the end client’s knowledge. Even without internet, machines can be programmed that way that they understand, when they are in daily-use or when they are in a test-, audit- or control-situation. With the IT-department, Compliance has a new target-group.

Millennials and following generations have a strong sense of ethics and see this as relevant for choosing a job. Nevertheless this is not a general advantage for Compliance; personal ethics do not automatically have to be compatible with the law and company’s guidelines. Further, these generations are not only raised with internet, tablets and smart-phones, also they are used to Apps and media libraries, meaning they do not consume anymore linear television. Content is available, when the user wants to see it; it is not required to wait for a special day and time. The disposition to wait is less developed than in earlier generations. Individuals and non-formal high technology groups may enforce ethics on their own. Data protection stays a relevant Compliance topic.

Smartphones and wearables continuously collect information about their users, including which locations they are visiting, if they do this by car or walking. Such information could be interesting for the HR department, as based on this the health condition can be predicted and so future sick-times, especially if a central software not just could access these devices, but connects this information with central employee healthcare information database. Data privacy would be strongly violated. Wearables are only a small step away from William Gibson’s vision of computer implants and cyber upgrades. In fact, implanted microchips already today can enable blind people to see again, bionic parts replace lost arms and legs. In 2015 a group of hackers got the control of several cars; in future it would be theoretically possible to hack a human being. Cyborgs are a target for data privacy and cyber protection.

This is a too extreme vision of the future? Maybe it is, maybe not, at least some thought provoking thoughts. Surely the job profile of a Compliance Officer is changing. The focus must be the individual employee with technology being a partner, but also threat. With this, the position evolves to an Ethics and /or Sustainability Officer.